a rate limit plugin for caddy
Only Caddy v1 is supported; try https://github.com/mholt/caddy-ratelimit if you are using v2.
Excessive requests will be terminated with a 429 (Too Many Requests) error, and an X-RateLimit-RetryAfter header will be returned.
For single resource:

    ratelimit methods path rate burst unit

- methods are the request methods it will match (comma separated)
- path is the file or directory to apply rate limit
- rate is the number of requests allowed in every time unit (r/s, r/m, r/h, r/d, r/w) (e.g. 1)
- burst is the maximum burst size a client can exceed; burst >= rate (e.g. 2)
- unit is the time interval (currently supported: second, minute, hour, day, week)
For multiple resources:

    ratelimit methods rate burst unit {
        whitelist CIDR,CIDR
        limit_by_header xxx
        status xxx,xxx
        resources
    }

- whitelist is the keyword for whitelisting your trusted IPs (comma separated). CIDR is the IP range you don't want to rate limit. whitelist is a general rule; it does not target a specific resource.
- limit_by_header is the keyword for matching the request header. Like whitelist, it's also a general rule. Note: normally you shouldn't apply this rule unless the default limit by ip is not what you want and you want to limit by request header (e.g. Authorization).
- status is the keyword for matching the response status code (comma separated). If this rule is triggered, all subsequent requests from that client will be blocked regardless of which status code is returned or which resource is requested. Note: this won't block resources not defined in ratelimit's config.
- resources is a list of files/directories to apply rate limit, one per line

Note: If you don't want to apply rate limit on some special resources, add ^ in front of the path.
Limit clients to 2 requests per second (bursts of 3) for any method and any resource under /r:

    ratelimit * /r 2 3 second

Don't perform rate limit if requests come from 1.2.3.4 or 192.168.1.0/30 (192.168.1.0 ~ 192.168.1.3). For the listed paths, limit clients to 2 requests per minute (bursts of 2) if the request method is GET or POST, and always ignore /dist/app.js:

    ratelimit get,post 2 2 minute {
        whitelist 1.2.3.4/32,192.168.1.0/30
        status *
        /foo.html
        /api
        ^/dist/app.js
    }
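To see how the whitelist, the ^ exclusion and rate/burst interact in the second example, here is an added Go model; it is not the plugin's code. It assumes a token bucket per client IP and prefix path matching, and leaves out methods and status. The names Rule and Allow and the address 203.0.113.7 are constructed for the illustration.

```go
package main

import (
	"fmt"
	"math"
	"net"
	"strings"
	"time"
)

// Rule is a simplified model of one ratelimit block, not the plugin's code.
type Rule struct {
	Whitelist, Resources []string
	Rate, Burst          float64 // requests per Unit, bucket capacity
	Unit                 time.Duration
	tokens               map[string]float64   // per client IP (assumption)
	last                 map[string]time.Time // zero for an unseen client, so it starts full
}

// Allow returns false where a 429 would be sent; prefix path matching is assumed.
func (r *Rule) Allow(ip, path string, now time.Time) bool {
	for _, c := range r.Whitelist {
		if _, n, err := net.ParseCIDR(c); err == nil && n.Contains(net.ParseIP(ip)) {
			return true // whitelisted clients bypass the limiter
		}
	}
	hit := false
	for _, res := range r.Resources {
		if strings.HasPrefix(res, "^") && strings.HasPrefix(path, res[1:]) {
			return true // "^" entries are never rate limited
		}
		hit = hit || strings.HasPrefix(path, res)
	}
	if !hit {
		return true // path is not listed under this rule
	}
	t := math.Min(r.Burst, r.tokens[ip]+now.Sub(r.last[ip]).Seconds()*r.Rate/r.Unit.Seconds())
	r.tokens[ip], r.last[ip] = t, now
	if t < 1 {
		return false // 429 Too Many Requests
	}
	r.tokens[ip]-- // spend one token
	return true
}

func main() { // the page's second example; methods and status are not modelled
	r := &Rule{[]string{"1.2.3.4/32", "192.168.1.0/30"}, []string{"/foo.html", "/api", "^/dist/app.js"},
		2, 2, time.Minute, map[string]float64{}, map[string]time.Time{}}
	fmt.Println(r.Allow("203.0.113.7", "/api", time.Unix(0, 0)), r.Allow("203.0.113.7", "/dist/app.js", time.Unix(0, 0)))
}
```

In this model, 192.168.1.4 falls just outside the /30 and is limited like any other client.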
curl https://getcaddy.com | bash -s personal http.ratelimit
docker run -d -p 2016:2016 -v `pwd`/Caddyfile:/Caddyfile -v `pwd`/test_site:/test_site --name ratelimit xuqingfeng/caddy-rate-limit
Inspired by http://nginx.org/en/docs/http/ngx_http_limit_req_module.html